Search CVE reports

1581 – 1590 of 60314 results

Detailed view

Sort by:

CVE-2025-8038

Medium priority

Needs evaluation

Thunderbird ignored paths when checking the validity of navigations in a frame. This vulnerability affects Firefox < 141, Firefox ESR < 140.1, Thunderbird < 141, and Thunderbird < 140.1.

9 affected packages

mozjs91, firefox, thunderbird, mozjs38, mozjs52...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
mozjs91	Not in release	Ignored	—	—
firefox	Not affected	Not affected	—	—
thunderbird	Not affected	Not affected	—	—
mozjs38	Not in release	Not in release	—	Needs evaluation
mozjs52	Not in release	Not in release	Ignored	Ignored
mozjs68	Not in release	Not in release	Ignored	—
mozjs78	Not in release	Ignored	—	—
mozjs102	Ignored	Ignored	—	—
mozjs115	Ignored	Not in release	—	—

Setting a nameless cookie with an equals sign in the value shadowed other cookies. Even if the nameless cookie was set over HTTP and the shadowed cookie included the `Secure` attribute. This vulnerability affects Firefox < 141,...

9 affected packages

firefox, thunderbird, mozjs38, mozjs52, mozjs68...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
firefox	Not affected	Not affected	—	—
thunderbird	Not affected	Not affected	—	—
mozjs38	Not in release	Not in release	—	Needs evaluation
mozjs52	Not in release	Not in release	Ignored	Ignored
mozjs68	Not in release	Not in release	Ignored	—
mozjs78	Not in release	Ignored	—	—
mozjs91	Not in release	Ignored	—	—
mozjs102	Ignored	Ignored	—	—
mozjs115	Ignored	Not in release	—	—

CVE-2025-8036

Medium priority

Needs evaluation

Thunderbird cached CORS preflight responses across IP address changes. This allowed circumventing CORS with DNS rebinding. This vulnerability affects Firefox < 141, Firefox ESR < 140.1, Thunderbird < 141, and Thunderbird < 140.1.

9 affected packages

firefox, thunderbird, mozjs38, mozjs52, mozjs68...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
firefox	Not affected	Not affected	—	—
thunderbird	Not affected	Not affected	—	—
mozjs38	Not in release	Not in release	—	Needs evaluation
mozjs52	Not in release	Not in release	Ignored	Ignored
mozjs68	Not in release	Not in release	Ignored	—
mozjs78	Not in release	Ignored	—	—
mozjs91	Not in release	Ignored	—	—
mozjs102	Ignored	Ignored	—	—
mozjs115	Ignored	Not in release	—	—

CVE-2025-8035

Medium priority

Vulnerable

Memory safety bugs present in Firefox ESR 128.12, Thunderbird ESR 128.12, Firefox ESR 140.0, Thunderbird ESR 140.0, Firefox 140 and Thunderbird 140. Some of these bugs showed evidence of memory corruption and we presume that with...

9 affected packages

firefox, thunderbird, mozjs38, mozjs52, mozjs68...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
firefox	Not affected	Not affected	—	—
thunderbird	Not affected	Vulnerable	—	—
mozjs38	Not in release	Not in release	—	Needs evaluation
mozjs52	Not in release	Not in release	Ignored	Ignored
mozjs68	Not in release	Not in release	Ignored	—
mozjs78	Not in release	Ignored	—	—
mozjs91	Not in release	Ignored	—	—
mozjs102	Ignored	Ignored	—	—
mozjs115	Ignored	Not in release	—	—

CVE-2025-8034

Medium priority

Vulnerable

Memory safety bugs present in Firefox ESR 115.25, Firefox ESR 128.12, Thunderbird ESR 128.12, Firefox ESR 140.0, Thunderbird ESR 140.0, Firefox 140 and Thunderbird 140. Some of these bugs showed evidence of memory corruption and...

9 affected packages

mozjs91, firefox, thunderbird, mozjs38, mozjs52...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
mozjs91	Not in release	Ignored	—	—
firefox	Not affected	Not affected	—	—
thunderbird	Not affected	Vulnerable	—	—
mozjs38	Not in release	Not in release	—	Needs evaluation
mozjs52	Not in release	Not in release	Ignored	Ignored
mozjs68	Not in release	Not in release	Ignored	—
mozjs78	Not in release	Ignored	—	—
mozjs102	Ignored	Ignored	—	—
mozjs115	Ignored	Not in release	—	—

CVE-2025-8033

Medium priority

Vulnerable

The JavaScript engine did not handle closed generators correctly and it was possible to resume them leading to a nullptr deref. This vulnerability affects Firefox < 141, Firefox ESR < 115.26, Firefox ESR < 128.13, Firefox ESR <...

9 affected packages

firefox, thunderbird, mozjs38, mozjs52, mozjs68...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
firefox	Not affected	Not affected	—	—
thunderbird	Not affected	Vulnerable	—	—
mozjs38	Not in release	Not in release	—	Needs evaluation
mozjs52	Not in release	Not in release	Ignored	Ignored
mozjs68	Not in release	Not in release	Ignored	—
mozjs78	Not in release	Ignored	—	—
mozjs91	Not in release	Ignored	—	—
mozjs102	Ignored	Ignored	—	—
mozjs115	Ignored	Not in release	—	—

CVE-2025-8032

Medium priority

Vulnerable

XSLT document loading did not correctly propagate the source document which bypassed its CSP. This vulnerability affects Firefox < 141, Firefox ESR < 128.13, Firefox ESR < 140.1, Thunderbird < 141, Thunderbird < 128.13,...

9 affected packages

firefox, thunderbird, mozjs38, mozjs52, mozjs68...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
firefox	Not affected	Not affected	—	—
thunderbird	Not affected	Vulnerable	—	—
mozjs38	Not in release	Not in release	—	Needs evaluation
mozjs52	Not in release	Not in release	Ignored	Ignored
mozjs68	Not in release	Not in release	Ignored	—
mozjs78	Not in release	Ignored	—	—
mozjs91	Not in release	Ignored	—	—
mozjs102	Ignored	Ignored	—	—
mozjs115	Ignored	Not in release	—	—

CVE-2025-8031

Medium priority

Vulnerable

The `username:password` part was not correctly stripped from URLs in CSP reports potentially leaking HTTP Basic Authentication credentials. This vulnerability affects Firefox < 141, Firefox ESR < 128.13, Firefox ESR < 140.1,...

9 affected packages

firefox, thunderbird, mozjs38, mozjs52, mozjs68...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
firefox	Not affected	Not affected	—	—
thunderbird	Not affected	Vulnerable	—	—
mozjs38	Not in release	Not in release	—	Needs evaluation
mozjs52	Not in release	Not in release	Ignored	Ignored
mozjs68	Not in release	Not in release	Ignored	—
mozjs78	Not in release	Ignored	—	—
mozjs91	Not in release	Ignored	—	—
mozjs102	Ignored	Ignored	—	—
mozjs115	Ignored	Not in release	—	—

CVE-2025-8030

Medium priority

Vulnerable

Insufficient escaping in the “Copy as cURL” feature could potentially be used to trick a user into executing unexpected code. This vulnerability affects Firefox < 141, Firefox ESR < 128.13, Firefox ESR < 140.1, Thunderbird < 141,...

9 affected packages

firefox, thunderbird, mozjs38, mozjs52, mozjs68...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
firefox	Not affected	Not affected	—	—
thunderbird	Not affected	Vulnerable	—	—
mozjs38	Not in release	Not in release	—	Needs evaluation
mozjs52	Not in release	Not in release	Ignored	Ignored
mozjs68	Not in release	Not in release	Ignored	—
mozjs78	Not in release	Ignored	—	—
mozjs91	Not in release	Ignored	—	—
mozjs102	Ignored	Ignored	—	—
mozjs115	Ignored	Not in release	—	—

CVE-2025-8029

Medium priority

Vulnerable

Thunderbird executed `javascript:` URLs when used in `object` and `embed` tags. This vulnerability affects Firefox < 141, Firefox ESR < 128.13, Firefox ESR < 140.1, Thunderbird < 141, Thunderbird < 128.13, and Thunderbird < 140.1.

9 affected packages

firefox, thunderbird, mozjs38, mozjs52, mozjs68...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
firefox	Not affected	Not affected	—	—
thunderbird	Not affected	Vulnerable	—	—
mozjs38	Not in release	Not in release	—	Needs evaluation
mozjs52	Not in release	Not in release	Ignored	Ignored
mozjs68	Not in release	Not in release	Ignored	—
mozjs78	Not in release	Ignored	—	—
mozjs91	Not in release	Ignored	—	—
mozjs102	Ignored	Ignored	—	—
mozjs115	Ignored	Not in release	—	—

Export to JSON

Results by page: